Security

[bones]

Security is one of my favorite topics when it comes to computers/internet/life. Post your related links, topics, etc., here.

Heartbleed has grabbed the headlines lately. Got server? Test your vulnerability here:

http://filippo.io/Heartbleed/

Check your distro for updates to OpenSSL. Slackware received an update for this yesterday.

[bones]

Switzerland National Defense:

https://www.schneier.com/blog/archives/ ... d_nat.html

[GekkoP]

Read about Heartbleed. I got two servers (Coal and Debian sid), both got new openssl today.

Also, I'm not that paranoid, but I like having clamav and ipkungfu ready to protect me.

[wuxmedia]

Don't. 8)
I spent most of the day replying to customers about this...
happily most of our servers still run oldstable.
and the wheezy ones we are paid to look after just apt-get updated.
and then remake all your SSL keys, which is a hasslehof.
sid/jessie was totally unaffected, as was oldstable. and it is a minor version or a letter in front.
for debian the bug was posted at 21:00 hrs and the patch was issued 2 hours later.

[bones]

OpenBSD folks fork OpenSSL as LibreSSL, yank a bunch of cruft right away...

http://arstechnica.com/information-tech ... essl-fork/

[hinto]

http://www.pcworld.com/article/2148368/ ... a-fix.html

[dkeg]

A bit like snapchat for email (among other security benefits)

https://protonmail.ch

[GekkoP]

^ thanks

[bones]

Beyond Security Getting to Know OpenBSD's Real Purpose:

[yt]JrFfrrY-yOo[/yt]

[Alad]

^ I can fully relate to "Attack of the blob". My laptop only supports X in Debian and OpenBSD (or distros with libre kernels) because of those.

Here's a post on why all this shit is so big, for everyone:

https://krebsonsecurity.com/2012/10/the ... revisited/

[bones]

Mayhem – a hidden threat for *nix web servers:

https://www.virusbtn.com/virusbulletin/ ... 407-Mayhem

[harveyhunt]

I really enjoyed the BSD talk, I had no idea how pedantic they are about licensing- I think that is quite a good idea though.

Them wanting to push forwards technology and security is something I really respect.

[bones]

I'm shocked, SHOCKED, I tell you! ;)

http://www.zdnet.com/forensic-scientist ... 000031795/

[bones]

New Pentoo release:

http://pentoo.blogspot.tw/2015/01/xmas- ... on-11.html

[Dr_Chroot]

^ Aw. Just downloaded that last one before Christmas to try out. Will have to download again now... Looks fantastic. My New Year's Resolution is to learn the basics of pentesting and netsec; would love to be able to use that as a source for future income, as it looks like it is generating more interest. Just this morning I finally did something that was long overdue...

Code: Select all

man iptables

This afternoon I am planning on taking a peek at pf, too. Just to compare and see what the options are :)

[wuxmedia]

^ we use shorewall... much easier (as far as FW's go), good to know your iptables DROP 123.123.23.21 -gay CHAIN and all that shit though.

I was enjoying reading walkthroughs of some of these. very enjoyable.
https://www.vulnhub.com/
might even try to bust into one, keep the noggin noddin' so to speak

[Dr_Chroot]

^ Ah! Thanks, wux. Shorewall is just the ticket. And vulnhub? Looks like a wonderful place to begin the cracking ;)

[bones]

Code rot and OpenBSD. Not specifically related to security, but it does affect it:

http://homing-on-code.blogspot.com/2015 ... enbsd.html

[bones]

What? Vulnerabilities in Flash? How can this be? ;)

https://web.nvd.nist.gov/view/vuln/deta ... -2015-0311

Google outs some shit in Mac OSX:

http://www.cnet.com/news/google-team-fi ... pple-os-x/

[GekkoP]

Started using tiger and lyins (both in repos.)

X-FILES-NERD-ALERT
I want to believe in Deep Throat.